  • Avantia Threat Update

PHONE ATTACK CONVERTS SMART VACUUMS INTO MICROPHONES


This Past Week;

Phone attack converts smart vacuums into microphones; Work from anywhere: is 2021 the future of work - a USA perspective; IoT Security is a mess - these guidelines could help fix that; This critical software flaw is now being used to break into networks - so update fast; Hackers scale ‘The North Face’; Ransomware rocks eCommerce; An in-depth look at the importance of cyber resilience; How remote work increases ransomware danger, and major breaches in UNITED STATES; CANADA; UNITED KINGDOM; CHILE; ITALY; AUSTRALIA; GERMANY; INDIA; SINGAPORE; MALAYSIA.


Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+

________________________________________________________________________

PHONE ATTACK CONVERTS SMART VACUUMS INTO MICROPHONES.

A team of academics this week detailed novel research that converted a smart vacuum cleaner into a microphone capable of recording nearby conversations. Named LidarPhone, the technique works by taking the vacuum's built-in LiDAR laser-based navigational component and converting it into a laser microphone. Laser microphones are well-known surveillance tools that were used during the Cold War to record conversations from afar. Intelligence agents pointed lasers at far-away windows to monitor how glass vibrated and decoded the vibrations to decipher conversations taking place inside rooms. Academics from the University of Maryland and the National University of Singapore took this same simple concept but applied it to a Xiaomi Roborock vacuum cleaning robot. A LidarPhone attack is not straightforward, and certain conditions need to be met. For starters, an attacker would need to use malware or a tainted update process to modify the vacuum's firmware in order to take control of the LiDAR component. This is needed because vacuum LiDARs work by rotating at all times, a process that reduces the number of data points an attacker can collect. Through tainted firmware, attackers would need to stop the vacuum LiDAR from rotating and instead have it focus on one nearby object at a time, from where it could record how its surface vibrates to sound waves.
In addition, because smart vacuum LiDAR components are nowhere near as accurate as surveillance-grade laser microphones, the researchers also said the collected laser readings would need to be uploaded to the attacker's remote server for further processing in order to boost the signal and get the sound quality to a state where it can be understood by a human observer. Nonetheless, despite all these conditions, researchers said they were successful in recording and obtaining audio data from the test Xiaomi robot's LiDAR navigational component. They tested the LidarPhone attack with various objects, by varying the distance between the robot and the object, and the distance between the sound origin and the object. Tests focused on recovering numerical values, which the research team said they managed to recover with a 90% accuracy. But academics said the technique could also be used to identify speakers based on gender or even determine their political orientation from the music played during news shows, captured by the vacuum's LiDAR.

NO NEED TO PANIC YET. JUST ACADEMIC RESEARCH. But while the LidarPhone attack sounds like a gross invasion of privacy, users need not panic for the time being. This type of attack depends on many prerequisites that most attackers won't bother with. There are far easier ways of spying on users than overwriting a vacuum's firmware to control its laser navigation system, such as tricking the user into installing malware on their phone. The LidarPhone attack is merely novel academic research that can be used to bolster the security and design of future smart vacuum robots. In fact, the research team's main recommended countermeasure for smart vacuum cleaning robot makers is to shut down the LiDAR component if it's not rotating. Additional details about the research are available in a research paper titled "Spying with Your Robot Vacuum Cleaner: Eavesdropping via Lidar Sensors." The paper is available for viewing in a PDF format and was presented at the ACM Conference on Embedded Networked Sensor Systems (SenSys 2020), on November 18, 2020.
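The recommended countermeasure above, shutting the LiDAR down when it is not rotating, sketched as a rotation interlock. This is an added example, not code from the paper or from any vendor firmware; the thresholds, state names and function names are hypothetical, and it assumes the check runs in the LiDAR module's own controller rather than in the main firmware that a tainted update would replace.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical thresholds; real values depend on the LiDAR module. */
#define MIN_RPM          240u   /* below this the head counts as not rotating */
#define SPINUP_GRACE_MS  1500u  /* time allowed to reach MIN_RPM after start */
#define TACH_TIMEOUT_MS  100u   /* longest tolerated gap between tach pulses */
#define STALL_CONFIRM_MS 50u    /* low speed must persist this long to trip */

typedef enum { LIDAR_OFF, LIDAR_SPINUP, LIDAR_RUNNING, LIDAR_FAULT } lidar_state_t;

typedef struct {
    lidar_state_t state;
    uint32_t started_ms;     /* when spin-up began */
    uint32_t last_pulse_ms;  /* time of the most recent tachometer pulse */
    uint32_t low_since_ms;   /* when speed first dropped below MIN_RPM */
    bool low_active;         /* a low-speed episode is in progress */
    bool laser_enabled;      /* drives the laser power gate */
} lidar_interlock_t;

/* Cut laser power and latch the fault; only interlock_init() clears it. */
static void trip(lidar_interlock_t *il) {
    il->state = LIDAR_FAULT;
    il->laser_enabled = false;
}

void interlock_init(lidar_interlock_t *il) {
    il->state = LIDAR_OFF;
    il->started_ms = il->last_pulse_ms = il->low_since_ms = 0;
    il->low_active = false;
    il->laser_enabled = false;
}

/* Begin spin-up. The laser stays off until rotation is confirmed. */
void interlock_start(lidar_interlock_t *il, uint32_t now_ms) {
    if (il->state != LIDAR_OFF) return;   /* a latched FAULT is not restartable */
    il->state = LIDAR_SPINUP;
    il->started_ms = now_ms;
    il->last_pulse_ms = now_ms;
}

/* Call on every tachometer pulse with the measured speed. */
void interlock_on_tach(lidar_interlock_t *il, uint32_t now_ms, uint32_t rpm) {
    if (il->state == LIDAR_OFF || il->state == LIDAR_FAULT) return;
    il->last_pulse_ms = now_ms;
    if (rpm >= MIN_RPM) {
        il->low_active = false;
        if (il->state == LIDAR_SPINUP) {
            il->state = LIDAR_RUNNING;
            il->laser_enabled = true;
        }
        return;
    }
    if (il->state != LIDAR_RUNNING) return;   /* spin-up is bounded by tick() */
    if (!il->low_active) {
        il->low_active = true;                /* tolerate a brief dip */
        il->low_since_ms = now_ms;
    } else if (now_ms - il->low_since_ms >= STALL_CONFIRM_MS) {
        trip(il);                             /* sustained low speed */
    }
}

/* Call periodically; catches a head that stopped producing pulses at all. */
void interlock_tick(lidar_interlock_t *il, uint32_t now_ms) {
    if (il->state == LIDAR_SPINUP) {
        if (now_ms - il->started_ms > SPINUP_GRACE_MS) trip(il);
    } else if (il->state == LIDAR_RUNNING) {
        if (now_ms - il->last_pulse_ms > TACH_TIMEOUT_MS) trip(il);
        else if (il->low_active &&
                 now_ms - il->low_since_ms >= STALL_CONFIRM_MS) trip(il);
    }
}

bool interlock_laser_allowed(const lidar_interlock_t *il) {
    return il->state == LIDAR_RUNNING && il->laser_enabled;
}

int main(void) {
    /* Constructed timeline: normal spin-up, then the head is held still. */
    lidar_interlock_t il;
    interlock_init(&il);
    interlock_start(&il, 0);
    interlock_on_tach(&il, 200, 300);
    printf("rotating: laser=%d\n", interlock_laser_allowed(&il));
    interlock_tick(&il, 400);                 /* no pulse for 200 ms */
    printf("stopped:  laser=%d\n", interlock_laser_allowed(&il));
    return 0;
}
```

The fault is latched on purpose: once rotation has stopped, resuming it does not re-enable the laser until the module is re-initialised.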


WORK FROM ANYWHERE: IS 2021 THE FUTURE OF WORK - A USA PERSPECTIVE.

It's perpetually surreal to be living through what will inevitably be a historical pivot point. Our short-term adjustments are giving way to long term changes, and it's astounding how apparent that is. Nevertheless, the substance of the changes to work and culture, the ones that will survive, remain elusive, a betting person's game. Fortunately, some executives are willing to wade into the murky waters of prediction. One of them is Audrey Khusid, founder and CEO of. As head of the digital white boarding platform, which has doubled its user base from 3.7M to 9M since March and is now used by 95% of Fortune 100 companies, Khusid has a front row seat to the evolution of the changing workplace. Based on his observations from 2020, he predicts that work from home will become work from anywhere (WFX), and there will be a massive digital transformation as a result. What else will change? I caught up with Khusid to discuss the future. Here are his six most poignant predictions for 2021, with thanks for the insights. More and more companies are announcing that remote work will be permanent, even when travel restrictions and social distancing will not be. The result: As travel opportunities begin to reopen, millions of employees will turn their new-found remote status into the chance to work from anywhere, relocating outside of urban centers, making up for lost time with family, or participating in remote years and other "workation" opportunities. And because companies have spent the last year investing in technology that enables virtual collaboration -- for many of these employees the transition will be seamless and unnoticed by employers. The US heartland will see an "undraining" of brains. 
The phenomenon of highly skilled college graduates leaving their hometowns in middle America and relocating to economic centers like Silicon Valley, New York, and Austin is commonly known as "Brain Drain," -- and remote work may finally bring it to an end. Instead of fleeing the heartland en masse for new opportunities, remote work will allow these workers to stay settled in regional hubs like Madison, Grand Rapids, Asheville, Boulder, Nashville, and Raleigh. This regionalization of talent will have a massive impact on American culture, affecting everything from real-estate markets to electoral politics -- while still giving companies from around the country access to top talent. Point to Accelerators coming out of places like Buffalo, South Bend, and Charlotte. Hybrid work will present new challenges to unequipped teams. Thousands of enterprises will gradually begin phasing teams back into the office by adopting hybrid strategies that combine remote and in-office work. While hybrid work is a good compromise to protect employees with health concerns, the risk becomes introducing "worst of both worlds" work habits into company collaboration. To mitigate these effects, enterprises can embrace a culture of asynchronous sharing to replace many of the status and other routine meetings that fill up employee calendars. For brainstorms and real-time meetings, companies must make meetings interactive so that virtual attendees can participate with just as little friction as in-person ones, and craft collaborative practices that are inclusive to remote workers, like holding meetings entirely virtually even if some members are in the office. Engagement is the new productivity. Since the start of the SaaS (Software As A Service) era, billions of dollars have been invested into technology solutions that offered improvements to productivity in the enterprises. 
Many of the startups built by offering these solutions are now publicly traded companies like Slack and Asana, and even more solutions in the space have come from giants like Google and Microsoft. Looking forward, CIO priorities and budgets will shift away from making employees more productive and into making them more engaged. Engagement is different from productivity. Engagement refers to the passion employees have for their jobs and the connection they feel to their teams. In an era of remote and hybrid work, high levels of engagement will be a competitive advantage in developing products, attracting talent, and building customer loyalty in a crowded landscape. In the new world of work from anywhere (WFX), employees must amplify their engagement to find advancement opportunities. One of the drawbacks of remote work is that it's more difficult to draw attention to what you're working on day-to-day. In an office setting your attitude, body language, and relationships help drive the way you're perceived, opening doors for those with genuine enthusiasm and passion for their workplace. But in a remote setting where employees collaborate predominantly with text, such enthusiasm is harder for employees to convey and for employers to identify. In 2021 it will be important that employees put extra effort into amplifying their engagement virtually to make sure they get new opportunities. They must participate in virtual events, be active in group messaging, and keep their enthusiasm high during zoom calls to stand out as leaders while working from home. Young careers may suffer from lack of organic mentorship opportunities. Particularly early in their careers, young workers depend on a combination of observing experienced colleagues and formal, hands-on mentorship to improve the job skills that allow them to grow. In a remote work environment, organic opportunities for this kind of learning are fewer and further between. 
In an office, you can hear colleagues think out loud, hop in informal huddles to share the reasoning behind decisions, and observe professional behavior in-person to learn the ropes. In a work from anywhere (WFX) world, this is not possible. To help develop a new generation of talent, companies will need to be proactive and deliberate in 2021 in building mentorship programs, and managers must give time and love to new employees to make sure they are learning the ropes and ultimately mastering their jobs to take on new challenges. Those who fail to do so risk losing rising talent.


IoT SECURITY IS A MESS. THESE GUIDELINES COULD HELP FIX THAT.

The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organisations open to cyber attacks via vulnerabilities they're not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development. The Guidelines for Securing the IoT – Secure Supply Chain for IoT report from the European Union Agency for Cybersecurity (ENISA) sets out recommendations throughout the entire IoT supply chain to help keep organisations protected from vulnerabilities which can arise when building connected things. One of the key recommendations is that cybersecurity expertise should be further integrated into all layers of organisations, including engineering, management, marketing and others, so anyone involved in any part of the supply chain has the ability to identify potential risks – hopefully spotting and addressing them at an early stage of the product development cycle and preventing them from becoming a major issue. It's also recommended that 'Security by Design' is adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues with devices are caught early. "Early decisions made during the design phase usually have impactful implications on later stages, especially during maintenance," said the report. Another recommendation is that organisations throughout the product development and deployment cycle should forge better relationships in order to address security loopholes which may arise when there's no communication between those involved. These include errors in design due to lack of visibility in the supply chain of components – something which can happen when there are misunderstandings or a lack of coordination between parts manufacturers and the IoT vendor. 
However, not all responsibility should rest with IoT manufacturers; the paper also recommends that customers and end-user organisations need to play a role in supply chain implementation and can "benefit greatly from dedicating resources to studying the current landscape and adapting the existing best practices to their particular case". "Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services. Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT," said Juhan Lepassaar, executive director of ENISA.


THIS CRITICAL SOFTWARE FLAW IS NOW BEING USED TO BREAK INTO NETWORKS - SO UPDATE FAST.

State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries. The UK's National Cyber Security Centre (NCSC) has issued an alert warning that a number of groups are currently using a vulnerability in MDM software from MobileIron. MDM systems allow system administrators to manage an organisation's mobile devices from a central server, making them a valuable target for criminals or spies to break into. In June 2020, MobileIron released security updates to address several vulnerabilities in its products. This included CVE-2020-15505, a remote code execution vulnerability. This critical-rated vulnerability affects MobileIron Core and Connector products, and could allow a remote attacker to execute arbitrary code on a system. The NCSC is aware that nation-state groups and cyber criminals "are now actively attempting to exploit this vulnerability to compromise the networks of UK organisations". While the UK report doesn't provide any information as to the identity of these groups, this vulnerability has already become popular with Chinese state-backed hackers. While MobileIron made security updates available for all impacted versions on 15 June 2020, not every organisation has yet updated their software. "In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected," NCSC said. 
A proof-of-concept version of the exploit became available in September 2020, and since then both hostile state actors and cyber criminals have attempted to exploit this vulnerability in the UK and elsewhere. These attackers typically scan victims' networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting, NCSC said. It noted that sophisticated hackers are using this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion attempt. NCSC notes that it's also important for organisations using affected versions to ensure they are following other best-practice cybersecurity advice, such as scanning their own networks and undertaking continual audits. This will help identify suspicious activity in the event that this vulnerability has already been exploited. "In the case of this MobileIron vulnerability, the most important aspect is to install the latest updates as soon as practicable," NCSC said.


HACKER SELLS ACCESS TO THE EMAIL ACCOUNTS OF HUNDREDS OF C LEVEL (SENIOR CORPORATE OFFICERS) EXECUTIVES WORLDWIDE

A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as:

CEO - chief executive officer; COO - chief operating officer; CFO - chief financial officer or chief financial controller; CMO - chief marketing officer; CTO - chief technology officer; President; Vice president; Executive Assistant; Finance Manager; Accountant; Director; Finance Director; Financial Controller; Accounts Payables.

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain. The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker. The seller refused to share how he obtained the login credentials but said he had hundreds more to sell. According to data provided by threat intelligence firm KELA, the same threat actor had previously expressed interest in buying "Azor logs," a term that refers to data collected from computers infected with the AzorUlt info-stealer trojan. Infostealer logs almost always contain usernames and passwords that the trojan extracts from browsers found installed on infected hosts. This data is often collected by the infostealer operators, who filter and organize it, and then put it on sale on dedicated markets like Genesis, on hacking forums, or they sell it to other cybercrime gangs. "Compromised corporate email credentials can be valuable for cybercriminals, as they can be monetized in many different ways," KELA Product Manager Raveed Laeb told ZDNet. 
"Attackers can use them for internal communications as part of a 'CEO scam' - where criminals manipulate employees into wiring them large sums of money; they can be used in order to access sensitive information as part of an extortion scheme; or, these credentials can also be exploited in order to gain access to other internal systems that require email-based 2FA, in order to move laterally in the organization and conduct a network intrusion," Laeb added. But, most likely, the compromised emails will be bought and abused for CEO scams, also known as BEC (Business Enterprise Compromise) scams. According to an FBI report this year, BEC scams were, by far, the most popular form of cybercrime in 2019, having accounted for half of the cybercrime losses reported last year. The easiest way of preventing hackers from monetizing any type of stolen credentials is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your online accounts. Even if hackers manage to steal login details, they will be useless without the proper 2SV/2FA additional verifier.

______________________________________________________________________________


THREAT FOCUS: Delaware Division of Public Health - UNITED STATES

https://news.delaware.gov/2020/11/15/delaware-division-of-public-health-announces-data-breach-incident/


Exploit: Accidental Data Sharing

Delaware Division of Public Health: State Health Agency

Risk to Business: 2.311 = Severe - The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.

Individual Risk: 2.824 = Moderate - The information mistakenly released in this foul-up included the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result.

Customers Impacted: 10,000

How it Could Affect Your Business: Human error remains the number one cause of a data breach. Security awareness training is the most effective way to prevent unfortunate employee errors.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.


Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 to find out more.

THREAT FOCUS: Vertafore Inc - UNITED STATES

https://siliconangle.com/2020/11/15/data-belonging-27-7m-texas-drivers-stolen-latest-case-unsecured-storage/


Exploit: Unsecured Database

Vertafore Inc.: Insurance Company

Risk to Business: 1.702 = Severe - Information about 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc. after someone put three major company files on an unsecured storage server.

Individual Risk: 2.662 = Moderate - The company says that no identification misuse has been determined, but they’re also offering free credit monitoring and identity restoration services to all Texas driver’s license holders potentially affected by the data breach.

Customers Impacted: 27.7 million

How it Could Affect Your Business: Bad data handling is a symptom of poor cybersecurity hygiene, and it can easily lead to bigger problems like ransomware and password compromise.


THREAT FOCUS: X-Cart - UNITED STATES

http://www.digitaljournal.com/tech-and-science/technology/x-cart-suffers-from-ransomware-attack/article/580881


Exploit: Third Party Software

X-Cart: eCommerce Platform Creator

Risk to Business: 2.003 = Severe - X-Cart discovered the danger of vetting errors when attackers exploited a vulnerability in a third-party software tool to gain access to X-Cart’s store hosting systems. Some stores went down completely, while others reported issues with sending email alerts. The incident is under investigation and service has been restored for clients.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks can come from unexpected quarters, like a vulnerability in third-party software that you rely on.



Avantia Cyber Security & ID Agent to the Rescue: Passly adds essential protection to your systems and data through secure identity and access management to place a strong shield between your business and cybercrime. Call Avantia on 07 30109711 today

THREAT FOCUS: Wildworks (Animal Jam) - UNITED STATES

https://www.informationsecuritybuzz.com/expert-comments/animal-jam-kids-virtual-world-hit-by-data-breach-impacting-46m-accounts-expert-commentary/


Exploit: Third Party Data Breach

Wildworks: Video Game Developer

Risk to Business: 1.664 = Severe - Wildworks, the developer of the online kid’s playground Animal Jam, announced a data breach involving a third-party vendor that exposed the information of millions of children on the Dark Web. The information appeared on the Dark Web as the booty of cybercrime gang ShinyHunters.

Individual Risk: 1.902 = Severe - Exposed information includes 46 million player usernames, which are human moderated to make sure they do not contain a child’s proper name, 46 million SHA1 hashed passwords and approximately 7 million email addresses of parents whose children registered for Animal Jam.

Customers Impacted: 46 million

How it Could Affect Your Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.


THREAT FOCUS: Pluto TV - UNITED STATES

https://www.bleepingcomputer.com/news/security/hacker-shares-32-million-pluto-tv-accounts-for-free-on-forum/


Exploit: Hacking

Pluto TV: Online Television Service

Risk to Business: 2.166 = Severe - Hackers from the cybercrime gang ShinyHunters have announced the acquisition of 3.2 million Pluto TV user records that were purportedly stolen during a data breach. The data appears to be somewhat out of date, and Pluto TV has not confirmed the breach.

Individual Risk: 2.611 = Moderate - Exposed information includes a member’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address. The data is estimated to be about two years old.

Customers Impacted: Unknown

How it Could Affect Your Business: Protecting your client records and other sensitive data from thieves has to be a top priority, no matter how old it is. Customers expect that you’ll keep it safe with reasonable security precautions in place.


THREAT FOCUS: The North Face - UNITED STATES

https://chainstoreage.com/report-hackers-may-have-obtained-north-face-customer-data


Exploit: Credential Stuffing

The North Face: Outdoor Apparel Retailer

Risk to Business: 2.322 = Severe - Hackers mounted a successful attack against outdoor retailer The North Face, capturing an unknown amount of client data in the process. While retail operations were not disrupted, the company has released a caution to customers about the incident.

Individual Risk: 2.711 = Moderate - The company noted that the breach includes “products you have purchased on our website, products you have saved to your ‘favorites,’ your billing address, your shipping address(es), your VIPeak customer loyalty point total, your email preferences, your first and last name, your birthday (if you saved it to your account), and your telephone number (if you saved it to your account)”. Payment information was stored separately and more securely and not impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Credential stuffing attacks have gained new fuel from a bountiful harvest of Dark Web data dumps adding fresh ammo for cybercrime.



THREAT FOCUS: The City of Saint John, N. B. - CANADA

https://www.itworldcanada.com/article/saint-john-n-b-shuts-it-systems-after-significant-cyber-attack/438315


Exploit: Ransomware

The City of Saint John, N. B.: Municipal Government

Risk to Business: 1.222 = Extreme - A massive cyberattack has ground many municipal operations to a halt in Saint John, New Brunswick. The suspected ransomware attack on the city government caused havoc. Government officials said in a statement that while its 911 communications network is open, the cyberattack has shut the city’s website, email, online payment system, and customer service applications.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: 68,000

How it Could Affect Your Business: Ransomware isn’t just about capturing data anymore, it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.



Avantia Cyber Security & ID Agent to the Rescue: Phishing resistance training is one of the most important ways that any organization can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too. To learn more call +61 7 30109711 today.


THREAT FOCUS: Sandicliffe Motor Group - UNITED KINGDOM

https://www.am-online.com/news/dealer-news/2020/11/09/sandicliffe-customer-data-breach-could-affect-thousands

Exploit: Ransomware

Sandicliffe Motor Group: Automobile Retailer

Risk to Business: 1.802 = Severe - A ransomware attack has exposed the information of employees and customers of Sandicliffe Motor Group. The chain of 10 dealerships around the UK has traced the source to an employee clicking a link in a phishing email.

Individual Risk: 1.613 = Severe - The company noted that bank account details and medical histories may be included in the information that was snatched. Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts. Customers Impacted: Unknown

How it Could Affect Your Business: Phishing never goes away, and it’s always the fastest, easiest way for cybercriminals to strike.



Avantia Cyber Security & ID Agent to the Rescue: Passly adds essential protection to your systems and data through secure identity and access management to place a strong shield between your business and cybercrime. Call Avantia on 07 30109711 today.


THREAT FOCUS: Miltenyi Biotec - GERMANY

https://www.securityweek.com/biotech-company-miltenyi-biotec-discloses-malware-attack


Exploit: Malware

Miltenyi Biotec: Cell and Therapy Research Solutions Provider

Risk to Business: 2.322 = Severe - Malware is to blame for a recent spate of order processing snafus at Miltenyi Biotec, a major manufacturer and distributor of essential solutions used in scientific research and medical therapies. The company noted that it has been able to control the problem and does not anticipate a significant future impact.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

How it Could Affect Your Business: Malware can arrive on your doorstep in many ways, but it’s most likely to come attached to a phishing email.



Avantia Cyber Security & ID Agent to the Rescue: Don’t wait until malware knocks on your door to update phishing resistance training for every staffer with easy, remote-friendly training using BullPhish ID. Get more info from Avantia by calling +61 7 30109711 now.


THREAT FOCUS: Nexia Australia and New Zealand - AUSTRALIA

https://www.itwire.com/security/melbourne-firm-denies-data-stolen-during-ransomware-attack.html

Exploit: Ransomware

Nexia Australia and New Zealand: Accounting Firm

Risk to Business: 1.806 = Severe - REvil ransomware strikes again, this time at major accounting firm Nexia. The company informed regulators of an attack on November 3, 2020. While the REvil gang had up until recently boasted of the score on its website, the information has since disappeared, leading to speculation that the ransom was paid. The firm has not confirmed what, if any, data was stolen, although the REvil group did confirm that it had data in its initial posting.

Individual Impact: No information is available about any personal or financial data that was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a menace that every company must be on guard for at every turn to avoid messy and damaging incidents like this, with correspondingly expensive results.


THREAT FOCUS: Press Trust of India - INDIA

https://www.nationalheraldindia.com/national/massive-ransomware-attack-hits-news-agaency-pti-services-resume


Exploit: Ransomware

Press Trust of India: News Reporting Service

Risk to Business: 2.169 = Severe - Major Indian news agency Press Trust of India was shut down for several hours over the weekend after a ransomware attack disrupted its operations, leaving millions of subscribers including major news sources in the dark. Service was restored by the next day and an investigation is underway, but the suspected culprit is ransomware.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.

THREAT FOCUS: RedDoorz - SINGAPORE

https://www.bleepingcomputer.com/news/security/58-million-reddoorz-user-records-for-sale-on-hacking-forum/


Exploit: Unauthorized Database Access

RedDoorz: Hotel Management and Booking Platform

Risk to Business: 2.070 = Severe - The bad guys slipped through the door at the hotel and travel booking platform RedDoorz, and they took home some souvenirs. A threat actor is selling a RedDoorz database containing 5.8 million user records on a Dark Web forum.

Individual Risk: 2.037 = Severe - In the information exposed on the Dark Web, cybercriminals showed that they had obtained user records that included the member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation as well as miscellaneous personal details. Users of the platform should be wary of spear phishing attempts using this data.

Customers Impacted: 5.9 million

How it Could Affect Your Business: Putting extra security between your client records and hackers is a smart move to avoid becoming part of the booming Dark Web data economy.



THREAT FOCUS: 123RF - MALAYSIA

https://www.hackread.com/ransomware-attack-brazil-top-court-encrypts-backups/


Exploit: Unauthorized Database Access

123RF: Stock Photo Provider

Risk to Business: 2.233 = Severe - Popular stock photo source 123RF discovered that someone had stopped by for more than just some free art this week after 8.3 million of its client records appeared on the Dark Web. Based on the dates listed, the information is likely a year or so old.

Individual Risk: 2.427 = Severe - The pilfered data includes user records showing 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no financial information stored in the database. Users should be on the lookout for possible spear phishing emails like fake PayPal notices using this data.

Customers Impacted: Unknown

How it Could Affect Your Business: Guarding user records is essential in today’s business world because savvy users are likely to take their business elsewhere after a breach.



Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 to find out more.


THREAT FOCUS: Cencosud - CHILE

https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/


Exploit: Malware

Cencosud: Retail Conglomerate

Risk to Business: 2.342 = Severe - Cencosud was hit with a ransomware attack that encrypted devices throughout its retail outlets and impacted the company’s operations. Most retail locations of the South American retail giant are operational, but other services including its in-house credit cards have been impacted. Egregor ransomware is suspected as the culprit. Cencosud manages a wide variety of stores in Argentina, Brazil, Chile, Colombia, and Peru.

Individual Risk: While it’s clear that a great deal of information and major systems were encrypted, there are no specifics on any data stolen.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware as a business disruptor is a favored weapon of nation-state hackers, and is being more frequently used to create chaos in retail, healthcare, government, and essential service operations.

______________________________________________________________________________

POSTSCRIPT: